Hello,
I’m currently in the process of migrating from the hibernate search 5.10.6.Final to version 6.1.2.Final (or newer pending timing). We’re currently using an AWS Elasticsearch backend and were using the static method for AWS signing and would like to move the security model to IRSA.
The docs appear to support this - but the listing for the default credential providers does not include the WebIdentityTokenCredentialsProvider. According to the latest docs in AWS for the awsdk version of the APIs - the default lookup chain is:
AWS credentials provider chain that looks for credentials in this order:
- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (RECOMMENDED since they are recognized by all the AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by Java SDK)
- Java System Properties - aws.accessKeyId and aws.secretKey
- Web Identity Token credentials from the environment or container
- Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
- Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
- Instance profile credentials delivered through the Amazon EC2 metadata service
My question is - if I pull the following dependency (latest version for AWS vs the java namespaced older versions):
software.amazon.awssdk
I’m assuming hibernate search will just use THAT default credentials provider chain and be happy?
Thanks for any insight!
chris